Here is some information that I've found/discovered from playing around with packets. The following is presented in an ad hoc tutorial style. Hopefully you find it interesting.
Something that I found useful was the ability to actually capture the raw UDP packet using the tcpdump utility.
In the following example, we'll capture a DNS query packet and save it to a file.
Open up two terminal windows. In one window, type the following:
$ tcpdump udp -e -i eth0 -nn -vvv -c 1 -w dig.raw
The -c 1 option means that we only want to capture a single packet. The -w dig.raw option means that we want to dump the bytes of the packet we receive to dig.raw.
In the other window, type the following:
$ dig @8.8.8.8 www.uga.edu
In the first window, you should notice that tcpdump captured a packet and quit. The contents of that packet are now in dig.raw.
Note: In the commands above, you may need to change eth0 to whatever interface you're actually using.
After looking around online and playing with the format strings myself, I came up with some pretty neat ways to display a file using the hexdump
utility. You can check out the commands in the other files in this gist. Also, they should work with any file (not just packet dumps).
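One thing worth knowing before you point hexdump at dig.raw: tcpdump's -w option writes libpcap's savefile format, so the file starts with a 24-byte file header and each captured frame is preceded by a 16-byte record header (timestamp and lengths); the Ethernet frame itself only begins after that. The following is an added example, not part of the gist, that walks the file the same way: it parses the pcap container, pulls the UDP payload out of the Ethernet/IPv4 frame, decodes the DNS question, and renders any byte string in the hexdump -C style the gist's format strings aim for. The sample capture is constructed in code (a DNS A query for www.uga.edu to 8.8.8.8 with made-up MAC addresses, source port and timestamp), so it runs offline; swap in open("dig.raw", "rb").read() to run it on a real file.

```python
import struct

# ---- Constructed sample (NOT a real capture): one Ethernet/IPv4/UDP frame with a DNS query ----

def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """DNS header (RD set, one question) followed by QNAME labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def build_frame(dns: bytes) -> bytes:
    """Wrap a DNS payload in UDP (sport 40000 -> 53), IPv4 (192.168.1.10 -> 8.8.8.8) and Ethernet."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns      # UDP checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([8, 8, 8, 8])) + udp  # proto 17 = UDP
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"  # IPv4
    return eth + ip

def build_pcap(frames) -> bytes:
    """Classic little-endian pcap: 24-byte file header (linktype 1 = Ethernet), then records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, incl, orig
    return out

SAMPLE_PCAP = build_pcap([build_frame(build_dns_query("www.uga.edu"))])

# ---- Parsing: what tcpdump -w actually put in the file ----

def parse_pcap(data: bytes):
    """Return (linktype, [(timestamp, frame_bytes), ...]) for a classic pcap file."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:  # pcapng (magic 0a 0d 0d 0a) and everything else is out of scope here
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record")
        off += incl_len
        records.append((ts_sec + ts_usec / 1e6, frame))
    return linktype, records

def udp_payload(frame: bytes):
    """(src_ip, dst_ip, sport, dport, payload) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:                      # protocol field: 17 = UDP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    udp = ip[ihl:total_len]
    sport, dport, ulen, _cksum = struct.unpack("!HHHH", udp[:8])
    return src, dst, sport, dport, udp[8:ulen]

def decode_dns_question(payload: bytes):
    """(txid, qname, qtype, qclass) from the first question of a DNS message."""
    txid, _flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = [], 12
    while True:
        n = payload[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:                     # compression pointers do not occur in a plain query name
            raise ValueError("compressed name in question")
        labels.append(payload[off:off + n].decode("ascii"))
        off += n
    qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    return txid, ".".join(labels), qtype, qclass

def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes in the familiar offset / hex / ASCII column layout."""
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{i:08x}  {hexpart:<{width * 3 - 1}}  |{asc}|")
    return "\n".join(lines)

def summarize(pcap: bytes):
    """One dict per UDP/DNS frame in the capture."""
    linktype, records = parse_pcap(pcap)
    if linktype != 1:
        raise ValueError("expected Ethernet (linktype 1)")
    out = []
    for ts, frame in records:
        info = udp_payload(frame)
        if info is None:
            continue
        src, dst, sport, dport, payload = info
        txid, qname, qtype, qclass = decode_dns_question(payload)
        out.append({"ts": ts, "src": src, "dst": dst, "sport": sport, "dport": dport,
                    "txid": txid, "qname": qname, "qtype": qtype, "qclass": qclass})
    return out

if __name__ == "__main__":
    for rec in summarize(SAMPLE_PCAP):
        print(rec)
    print(hexdump(SAMPLE_PCAP))
```

The magic-number check at the top of parse_pcap is the part that saves confusion in practice: a file that starts with 0a 0d 0d 0a is pcapng rather than classic pcap, and the fixed 24/16-byte offsets above do not apply to it.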